Privacy Policy
Privacy Policy
For our Cookies policy, please click here.
Introduction
We are Optegra UK Limited, a company registered in England under number 05846041. Our registered office is at 7 The Technology Park, Colindeep Lane, London NW9 6BX.
This Privacy Policy (the “Policy”) and the Cookies Policy describe how Optegra UK Limited (“Company”, “we”, and “our”) collect, use and share personal data when you visit this website: optegra.com (“the website”, “the Site” and other Optegra UK webpages accessible from our Site. Please read this Policy and the Cookies Policy carefully, to understand our views and practices regarding your personal data and how we will treat it.
Use of Site by Minors
- This site is applicable to adults and not to individuals under the age of 16.
- We request that individuals under 16 do not provide personal information through this Site.
Adults
As above, we encourage you to read the Policy in full. However, to summarise, we will:
- Always use your data within relevant UK data protection law;
- Anonymise personal data or use other security measures so that you cannot be identified, before making personal data available for clinical research or trials; and
- Always respect your wishes about how you would like to be contacted.
Updates to this Privacy Policy and the Cookies Policy
We reserve the right to modify both policies at any time, so we encourage you to review them frequently. If we make any material change(s) to our data protection practice that affect your privacy rights at Optegra UK, we will post an updated version of the relevant policy on our website.
Contact Us
If you have any questions about this Privacy Policy, please email us at DPO@Optegra.com or write to our Data Protection Team at the following address:
Optegra UK Head Office
Optegra Eye Health Care
7 The Technology Park
Colindeep Lane, London NW9 6BX
Personal Data
“Personal Data” shall have the meaning given to it in the “Applicable UK Law(s)”. Furthermore, Personal Data shall include ‘special category’ data or Sensitive Personal Data.
“Applicable UK Law(s)” shall mean all applicable statutes, regulations, orders, regulatory requirements, by laws, ordinances, rules, subordinate legislation and other UK laws / data protection laws, including any judicial or administrative interpretation of them, in force from time to time in any applicable jurisdiction. This includes “Data Protection Law(s)”.
“Data Protection Law(s)” means the UK General Data Protection Regulation ‘UK GDPR’, the Data Protection Act ‘DPA’ 2018, the Privacy and Electronic Communications (EC Directive) Regulations ‘PECR’ 2003 and any other UK legislation relating to privacy rights or the use or processing of Personal Data.
Optegra UK is committed to protecting and respecting patient privacy and to complying with Data Protection Laws and medical confidentiality guidelines. Very strict rules and procedures are in place to ensure that your information is kept safe, and that your Personal Data is kept confidential and shared appropriately. If you would like further information on how your personal data is processed, please contact: DPO@Optegra.com.
Why do we collect your personal data?
Optegra UK current / former employees, contractors and agency workers, please select here.
Prospective / existing patients:
- We obtain and use your personal details and financial details in order to establish and deliver our core services to you, including the eye healthcare treatments that you expect us to provide you with.
- Where you access our service through your health insurance provider we will need to share your personal and medical information, including with your health insurance provider, with your explicit consent.
- Where you access our service through the NHS, we will need to share your personal information including details of your medical information (ie history and / or health), with the NHS, with your explicit consent.
- Where you access our service though the NHS or otherwise, we support innovation and are pleased to modernise and improve our service. This means that some of your personal data may be processed by a “digital worker”. However, this is in the interests of improving patient care and the efficiency of our services and should not lead to any disadvantage to our patients.
- We obtain and use your medical information as this is necessary for medical purposes, including medical diagnosis and treatment.
- We also store your medical information / records, such as notes from appointments and consultations, for regulatory compliance purposes. For example, we may need to review your information and, where necessary, make disclosures of it, in compliance with reasonable requests by regulatory bodies including the Nursing and Midwifery Council ‘NMC’, General Medical Council ‘GMC’; Medical and Healthcare products Regulatory Agency ‘MHRA’; and Care Quality Commission ‘CQC’; Private Health Information Network ‘PHIN’, Information Commissioner’s Office ‘ICO’ or as otherwise required by law or regulation.
- We use details about you, including your email address; postal address and telephone number to send you occasional updates and marketing messages where you have given your consent or where you have not opted out, based on our legitimate interest in marketing our services to you, and subject to your right to opt out at any time.
- We may also email or call you if you are part of our database of prospective patients or leads and have opted in to, or not opted out of, such communications from us. Please note that we record calls with colleagues in our Customer Engagement Centre, ie whether they call you or you call them.
- We use your telephone number and other relevant details about you, to communicate with you and to provide our professional advisers with information about appointment bookings and other matters, including the resolution of queries and / or complaints or legal claims.
- Where you decline to provide information we have requested from you, please bear in mind that this may affect our ability to treat you or provide you with our services. Therefore, it is likely that we will decline to treat you or provide you with our services.
Personal Data / Personal Information we may collect from you
Optegra UK current / former employees, contractors and agency workers, please select here.
Prospective / existing patients: We collect information in various ways, ie
Personal details – These are ‘basic identifiers’ about you, that you provide by filling in forms in person, at our clinics and hospitals, or on our Site or via a call with us on the telephone. Please note that calls with our Customer Engagement Centre colleagues will normally be recorded. ‘Basic identifiers’ include but are not limited to your name, age, gender, date of birth, postal / email address and telephone numbers.
Medical information – This part of your personal data forms part of your health record and is ‘special category’ data within Article 9 (1), UK GDPR. This information includes details about your symptoms, consultations, medications and procedures. We will process your ‘special category’ personal data ‘within the rules’ for ‘special category’ personal data (see ‘The legal basis for processing your personal data’ below).
Financial information – When you make any payments using your credit / debit card, these details are processed directly by a third – party processor that will store all payment information and transactions details. We will only retain limited details of the transactions on secure servers located in the UK.
Insurer funded – Where your access to our service is funded by an insurance provider, with your consent, we will need to inform your insurance company of your name; email address; policy number; demographic information; appointment and procedure details.
Passive information collection and use
As you navigate through the Site, certain information can be passively collected (that is, gathered ‘in the background’, ie without you being aware of the collection or actively providing that information). This is achieved using various technologies and means, such as Internet Protocol addresses; cookies; internet tags and navigational data collection.
Please read our Cookies Policy and review the Cookie Settings for detailed information about cookies and other tracking technologies used on our website. In this policy you will also find information on how to disable cookies and tracking technologies if you do not agree to their use. You will also find information on the consequence(s), if any of disabling each specific cookie / tracking technology. If you do not disable any cookies or tracking technologies, we will infer that you consent to the use of them.
We and our third – party service providers may passively collect and use information in a variety of ways, including:
Through your browser – Certain information is collected by most browsers, such as your Media Access Control ‘MAC’ address; computer type (Windows or Macintosh); screen resolution; operating system version and Internet browser type and version. We may collect similar information, such as your device type and identifier, if you access the website through a mobile device.
IP Address – Your IP Address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider. An IP Address is identified and logged automatically in our server log files whenever a user visits the Site, along with the time of the visit and the page(s) that were visited. Collecting IP Addresses is standard practice on the Internet and is done automatically by many web sites. We use IP Addresses for purposes such as administering the Site, calculating Site usage levels and helping diagnose server problems.
Using pixel tags, web beacons, clear GIFs, or other similar technologies – These may be used in connection with some Site pages and HTML – formatted email messages to, among other things, track the actions of Site users and email recipients; measure the success of our marketing campaigns and compile statistics about Site usage and response rates.
Online behavioural advertising – The use of cookies, pixel tags, web beacons, clear GIFs, or other similar technologies allows our third – party vendors to deliver advertisements about our products and services when you visit the Site or other web sites or web properties across the Internet. These vendors may place pixel tags, web beacons, clear GIFs, or similar technologies on the Site and other websites or web properties and also place or recognize third – party cookies when you visit the Site or other sites or web properties. They may use information about your visits to the Site and other web sites or web properties to provide advertisements about goods and services that may be of interest to you.
Device Information – We may collect information about your mobile device, such as a unique device identifier.
Third Party Sites and Services
This Privacy Policy does not address and we are not responsible for, the privacy; information; or other practices of any third parties, including any third party operating any site or web property (including, without limitation, any App) that is available through this Site or to which this Site contains a link. The availability of, or inclusion of a link to, any such site or property on the Site does not imply endorsement of it by Optegra or by Optegra’s affiliates.
Social Media and Sharing Tools
On some pages, we may also feature embedded ‘Share’ buttons or widgets that enable you to share content with friends through a number of popular social networking sites (eg Twitter and Facebook etc).
These sites may set cookies which can identify you as an individual when you are also logged in to their services. This means they may be collecting information about what you are doing online, including on our Sites. We do not control these cookies and you should check the relevant third – party website to see how your information is used and how to opt out.
Video and Telephone Consultations
We may offer you a consultation via video conferencing, which we may choose to record.
Alternatively, the consultation may be via a telephone call at our Customer Engagement Centre. Please note that that we record outgoing calls from our Customer Engagement Centre, as well as incoming calls to the Customer Engagement Centre.
Your personal / confidential patient information will be safeguarded in these consultations and any risks explained to you before the consolations begin. Please note that you are consenting to this, by accepting the invitation and entering into the consultations.
Optegra’s use of your personal data
We use, ie process and share, your personal data
We use the personal data and information you provide to us in the following ways:
- To decide how best to provide treatment to you
- To take steps at your request during the course of your treatment
- To update your records with us and
- Generally to support the provision of your healthcare.
We use information from or about you:
- To respond to your enquiries and fulfil your requests, such as to send you documents you request.
- To send you important information regarding our relationship with you or regarding the Site, changes to our terms, conditions, and policies and / or other administrative information.
- For our business purposes, such as data analysis, audits; developing new products; enhancing our website, improving our products and services, identifying Site usage trends, personalizing your experience on the Site by presenting products and offers tailored to you and determining the effectiveness of our promotional campaigns.
We may also share information collected through the Site:
- To our third – party service providers who provide services such as website hosting and moderating, mobile App, hosting, data analysis, payment processing, order fulfilment, infrastructure provision, IT services, customer service, e – mail and direct mail delivery services, credit card processing, auditing services and other services, in order to enable them to provide services on our behalf;
- To our affiliates for the purposes described in this Privacy Policy;
- To a third party in the event of any reorganisation, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings); and
- Sub – processors. We may share information with sub – processors who assist in providing us with key services.
Data Protection Consent
Please note that you can opt out or not consent at any time from any of the data processing and data sharing initiatives described below (although this will not affect the lawfulness of any processing of your Personal Data up to that point). If you do want to opt out or to not consent, please contact: DPO@Optegra.com.
We may share details of your medical health and / or other aspects of your personal information, when we have the legal right to do so under Data Protection Law(s) / Data Protection Laws or when we believe the sharing is in your interests. However, if we believe it is appropriate to seek your consent to the sharing, we will request your consent.
Clinical research
From time to time leading companies in eye healthcare, eg medical device companies, contact Optegra UK and / or our Eye Sciences Division, to request our assistance, on a commercial basis, to conduct clinical research projects and / or clinical trials, for eye conditions and / or associated new technologies.
In providing this assistance, Optegra may use (ie process and share with these companies) personal data about your eye condition(s); the treatment(s) we provided you with; the types of surgery we performed on you and the lens(es) we used. Optegra may use your personal data in one clinical research project or many clinical research projects.
However, before using your personal data in this way with these companies, we will request your consent to do so.
If you provide your consent to this, we will use security measures, eg pseudonymisation, before sharing your details, to ensure that you are not identified in any publications.
Furthermore, you can withdraw your consent at any time to the use of your personal data for research, by contacting DPO@Optegra.com.
If you are an NHS patient, in addition to choosing to withdraw your consent as above (to participate in Optegra UK research initiatives), you can choose to withdraw your consent under the National Data Opt – Out.
However, if you withdraw your consent, it will not be possible for us to remove your information from research which has already been included in the research analysis.
Data Protection – Agreement & Declaration
(1) We will disclose your medical information to those involved with your treatment or care at Optegra UK or any other hospital. We consider that these disclosures are in your best interests.
(2) Optegra UK will share your non – medical information (or where applicable, details of your Guarantor or Sponsor) in relation to billing, processing, payment or collection of accounts, or credit referencing information. This extends to any person or organisation
involved in the billing, processing payment, collection or credit referencing activities. In order to achieve this, Optegra UK will employ appropriate measures to protect your personal data.
3) Optegra UK has regulatory and / or compliance obligations to share certain clinical data with various governmental and regulatory bodies (for example the General Medical Council ‘GMC’, the Medical and Healthcare products Regulatory ‘MHRA’ and the Care Quality Commission ‘CQC’), or as otherwise required by law or regulation. This may include any personally identifiable clinical information, including your NHS patient identification number or its equivalent.
(4) Optegra UK has legal obligations to share certain personal data with the Private
Healthcare Information Network ‘PHIN’ for further information please visit PHIN at https://www.phin.org.uk/.
5) We may need to share your data with our third – party service providers which provide our equipment and provide services such as: website hosting, moderating, mobile App, hosting, data analysis, payment processing, order fulfilment, infrastructure provision, IT services, customer service, email and direct mail delivery services, credit card processing, auditing services and other services, in order to enable them to provide services on our behalf and continually improve overall care.
6) Optegra UK participates in national clinical audits and submits data to national registries. These data sharing initiatives are aimed at improving the quality of patient care, medical treatments and outcomes across the healthcare industry.
For further information on how your information is used, how we maintain the security of your information and your rights to access the information, please contact: DPO@Optegra.com.
COVID – 19 Data Protection Statement
During these unprecedented times, Optegra UK’s main priority is the health and safety of our patients, colleagues and the wider community as well as supporting the NHS in responding to the COVID – 19 pandemic.
As a result of these unique circumstances, Optegra UK Ltd may need to share personal data with the NHS and other regulatory and government bodies for the purpose of supporting the response to the COVID – 19 pandemic.
Each of our hospitals is working in collaboration to ensure we can provide the right help, exactly where and when it is needed and this may involve personal data being shared with us by the local healthcare organisations.
This will be done in accordance with data protection laws and will include any amendments to legislation made by the Secretary of State.
We will also consider any guidance provided by the Information Commissioner’s Office ‘ICO’.
Submitting a Data Subject Access Request ‘DSAR’ / ‘SAR’ (your legal right)
You have the right to access the personal data which we hold about you.
You can request access to your personal data by contacting DPO@Optegra.com to submit a SAR.
Due to the current circumstances, if you submit a SAR, please note that you may experience a delayed response to your request. This is because we will be diverting resources to help with the ongoing healthcare and treatment of our patients and other challenges.
This also means that the number of administrative staff who work at our hospitals or other admin officer may be reduced, which limits our ability to handle or collect any correspondence we receive in the post.
Therefore, if you need to contact us about a SAR or other information request, you should contact us by email, at DPO@Optegra.com.
Your other legal rights as a data subject (an individual whose personal data we hold)
You can use the SAR process to exercise your right to:
- Have your personal data rectified if it is inaccurate or incomplete;
- Request that we erase information we hold about you;
- Restrict the processing of your personal data, eg by asking us not to contact you;
- Object to the processing of your data for specific purposes, such as communications or direct marketing; and
- Ask for your personal data to be electronically moved; copied or transferred, from one IT environment to another in a safe and secure way, without affecting the usability of the personal data (data portability).
You also have the right to lodge a complaint with the Information Commissioner’s Office:
Address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113 (local rate).
Website: https://ico.org.uk/global/contact-us/
The sharing of your Personal Data during the Covid – 19 pandemic
During the Covid – 19 pandemic your personal data may also be shared for the following purposes:
- Understanding Covid – 19 trends and risks to public health and controlling and preventing the spread of Covid – 19;
- Identifying and understanding information about patients or potential patients with or at risk of Covid – 19 including patient exposure to Covid-19;
- Management of patients with or at risk of Covid – 19 including: locating, contacting, screening, flagging and monitoring such patients and collecting information about and providing services in relation to testing, diagnosis, self -isolation, fitness to work, treatment, medical and social interventions and recovery from Covid – 19;
- Understanding capacity and availability information about patient access to health services and adult social care services;
- Monitoring and managing the response to Covid – 19 by health and social care bodies and the Government including providing information (including workforce details) to the public about Covid – 19;
- Delivering services to patients, clinicians, the health services and adult social care services workforce and the public about and in connection with Covid – 19; and
- Research and planning in relation to Covid – 19.
We will regularly review this Privacy Notice and its applicability throughout the Covid – 19 outbreak. We may also notify you in other ways from time to time about the processing of your personal information.
The legal basis for processing your personal data
We will process your personal data under Article 6 (1) (b) and Article 9 (2) (h) of the UK General Data Protection Regulation ‘UK GDPR’. In addition, Optegra UK Limited will rely on one or more of the following bases when sharing personal data as part of our support work with the NHS during the COVID – 19 pandemic:
- Legal obligation: the processing is necessary for compliance with a legal obligation to which we are subject: Article 6 (1) (c); *
- Vital interests: the processing is necessary to protect someone’s life: Article 6 (1) (d);
- Public interest: the processing is necessary to perform a task in the public interest: Article 6 (e); and
- Legitimate interests: the processing is necessary for Optegra UK’s legitimate interests or the legitimate interests of a third party: Article 6 (1) (f).
When processing ‘special category’ personal data for the purposes of:
- Employment, social security and social protection: Article 9 (2) (b);
- Vital interests of the Data Subject: Article 9 (2) (c);
- Substantial public interest: Article 9 (2) (g);
- Provision of health or social care: Article 9 (2) (h); and
- Public interest in the area of public health such as protecting against serious cross border threats to health: Article 9 (2) (i).
* This includes the Notice by Secretary of State under Reg 3 (4) of Health Service (Control of Patient Information) Regulations issued on 1st April 2020 (Coronavirus (COVID-19): notification to organisations to share information – GOV.UK (www.gov.uk)), allowing healthcare providers to share personal data and any other such notice that may be issued to support efforts against Covid – 19.
Data Retention
We retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Policy and in line with specific retention periods period set out in our Health Records Management Policy. This is unless a longer retention period is required or allowed by law or to fulfil a legal obligation.
Security
We use reasonable organisational, technical and administrative measure to protect personal information under our control and in accordance with this Privacy Policy.
Unfortunately, secure transmission of information via the internet cannot be guaranteed due to security threats outside our control and you acknowledge that transmission over the internet is at your own risk.
Cross – Border Transfers of personal data
As to personal data – including personal information that consists of medical data, ie ‘special category’ data, Optegra UK will generally store or process this within the UK, or within the European Union ‘EU’ / European Economic Area ‘EEA’ or United States.
Transfers of personal data to these regions are protected by UK Government adequacy decisions, which ensure that these regions provide an adequate level of protection for personal data.
If we transfer your personal data outside these areas (ie to countries which do not benefit from a UK Government adequacy decision), we will always make the transfer in accordance with UK data protection law and subject to appropriate safeguards. These safeguards may include eg data sharing agreements and other related data protection documentation; standard contractual clauses; binding corporate rules ‘BCRs’ and technical / organisational measures.
However, sometimes, Optegra UK may need to allow our data processors and / or subcontractors (ie those companies / organisations which provide services to Optegra UK and process personal data on our behalf) to store or process personal data outside the UK / EU / EEA / USA.
If there is no UK Government adequacy decision in the country(ies) to which your personal data is transferred, these countries often have their own legislation, offering a level of protection for personal data.
Download a free infopack
Not ready for a consultation? Learn more about our range of treatments, doctors and hospitals
Information packFree Virtual Consultation
Book your virtual consultation with our top rated eye hospitals
Book NowCall us free
We'll answer any questions you may have about treatment.
Private: Mon-Thu: 8am-7pm, Fri: 8am – 5.30pm NHS: Mon-Fri: 8am – 6pm
Patient Portal
Manage your existing bookings & payments
Patient Portal